free · read-only · stdout only
Your Linux server, scored in 30 seconds.
A small Bash script that prints a 0-10 hygiene score for one Ubuntu / Debian / Amazon Linux box. No agent. No upload. No phone-home. You can read every line before you run it — and you should.
Install
Read it first. It's about 230 lines.
curl -fsSL https://blog.richgibbs.dev/quickcheck-mini/free-quickcheck-mini.sh -o quickcheck-mini.sh
less quickcheck-mini.sh # please actually read it
bash quickcheck-mini.sh
Prefer to skip the read step? Don't. But if you must:
curl -fsSL https://blog.richgibbs.dev/quickcheck-mini/free-quickcheck-mini.sh | bash
What it checks
- OS version and rough end-of-life status
- SSH: root login policy, password vs. key auth
- Firewall presence (UFW / firewalld / nftables / iptables)
- Services listening on every interface (0.0.0.0, ::)
- Pending security updates (apt / dnf / yum)
- Whether automatic security updates are enabled
- EC2 IMDSv1 reachability (when running on EC2)
- Docker socket exposure and unauthenticated :2375
- Time / NTP synchronization
- Uptime / time since last reboot
What it does not do
- It never writes a file.
- It never installs anything.
- It never makes an outbound network connection.
- It never prints your hostname, IP addresses, MAC addresses, or machine ID.
- It is not an audit, a compliance scan, or a certification. It is a tire-kick.
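A reading aid for the "read it first" step and the "never" claims above. This is an added example, not part of quickcheck-mini or any code from this page: it lists the lines of a downloaded script that touch the network, install packages, or write files, so you know where to look first. The function names (`code_lines`, `flagged`, `triage`) and the three patterns are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of quickcheck-mini. Heuristic triage only: it lists
# lines to read closely and cannot prove a script is safe.

# Patterns are assumptions about what "network", "install" and "write" look like.
NET_RE='(^|[^[:alnum:]_-])(curl|wget|nc|ncat|telnet)([^[:alnum:]_-]|$)|/dev/(tcp|udp)/'
INSTALL_RE='(apt|apt-get|dnf|yum|snap|pip3?)[[:space:]]+(-[^[:space:]]+[[:space:]]+)*install([[:space:]]|$)'
WRITE_RE='(^|[^[:alnum:]_-])(tee|rm|mv|cp|dd|chmod|chown|mkdir|touch)[[:space:]]|sed[[:space:]]+-[a-zA-Z]*i|>'

# code_lines FILE: numbered lines, with blank and full-line comment lines dropped
# and harmless redirections (to /dev/null or another descriptor) stripped.
code_lines() {
  grep -nEv '^[[:space:]]*(#|$)' "$1" |
    sed -E 's/[0-9&]*>>?[[:space:]]*\/dev\/null//g; s/[0-9]*>&[0-9-]+//g'
}

# flagged FILE CATEGORY: print "lineno:text" for category net, install or write.
flagged() {
  local re
  case $2 in
    net) re=$NET_RE ;;
    install) re=$INSTALL_RE ;;
    write) re=$WRITE_RE ;;
    *) echo "unknown category: $2" >&2; return 2 ;;
  esac
  code_lines "$1" | grep -E -- "$re" || true
}

# triage FILE: print flagged lines per category; returns 1 if anything was flagged.
triage() {
  local c out hits=0
  for c in net install write; do
    out=$(flagged "$1" "$c")
    [ -n "$out" ] || continue
    hits=1
    printf '== %s ==\n%s\n' "$c" "$out"
  done
  return "$hits"
}

# Run as: bash triage.sh quickcheck-mini.sh (after the curl -o step, before bash).
[ $# -eq 0 ] || triage "$1"
```

Expect false positives, such as a `>` inside a quoted string; every flagged line is a place to read, not a finding.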
Sample output
==============================================
free-quickcheck-mini 0.1.0 — local report
==============================================
Score: 6/10 (pass=6 warn=4 fail=2 skip=1)
----------------------------------------------
FIX NOW:
✗ SSH password auth enabled — switch to key-only
✗ EC2 IMDSv1 still reachable — enforce IMDSv2
REVIEW:
! 3 services listening on all interfaces — confirm intentional
! Automatic security updates not detected
! Docker socket present (660 docker)
! Uptime 214 days — plan a reboot
LOOKS OK:
✓ OS family supported (ubuntu 22.04)
✓ UFW firewall active
✓ Time synchronization active
...
==============================================
Get a deeper sample report — free, by email.
Drop your email and the kind of host you run (Ubuntu / Debian / Rocky / EC2 / VPS / Docker host) and we'll send a longer redacted sample report tuned to that environment. No spam, no list rentals, one email and you're done.
The same form is used to request the paid pilot below; pick "Free deeper sample" on the form.
Not a server problem? Inbox/DNS QuickCheck — $99.
If your password resets, invoices, support replies, or founder emails are landing in spam (or bouncing outright), your server might be fine and your email DNS might not be. We review SPF, DKIM, DMARC, MX, and the tools authorized to send as your domain — no DNS login, no mailbox access, just a public-DNS review and a written fix list.
- One domain, public DNS review, written report within 24 hours.
- One async clarification pass within 7 days.
- $99 pilot price.
Want to DIY the same checklist? The Indie Founder Email DNS Pack is $19 (pay what you want, $9 minimum) on Gumroad.
Want a real audit? QuickCheck pilot — $149.
The free script is a sanity check. The pilot is the real thing:
- Run on one host you choose, with your consent and your supervision.
- Goes well past the free tool: cloud-side checks, IAM hygiene, log retention, backup posture, kernel CVE exposure.
- Written report (PDF + Markdown) you can hand a junior engineer or a vendor.
- One async clarification pass within 14 days — send up to 30 minutes’ worth of follow-up questions by email and get a written response (typically same business day).
- One-time $149. No subscription. No upsell to a platform.
Why we built it this way
Hosted security scanners ask for an SSH key, an IAM role, or an agent. That's a fine business model. It's also why a lot of small teams never run any scan at all. We wanted a magnet that respects the kind of engineer who reads scripts before they run them.
So: the free tool does what it says on the box, in code you can audit on a phone screen. If you trust what you read, you'll trust the pilot.
Honest scope
This script is not a certification, not a compliance audit, and not endorsed by AWS, Canonical, Red Hat, or anyone else. It does not guarantee security; nothing does. It is a small set of opinionated checks written by a human who has been handed too many neglected Linux boxes. Treat the score as a conversation starter, not a verdict.